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(54) NETWORK MONITORING SYSTEM 

(57)Abstract: 

PROBLEM TO BE SOLVED: To provide a network 
monitoring system where an illegal access from an 
external network to an in-enterprise information 
network can be detected and a transmission source 
of an illegal packet can be retrieved. 
SOLUTION: The network monitoring system is 
provided with a traffic monitoring device 50 that 
monitors traffic of a packet passing through a router 
10 and received from an external network 3 and 
informs the router about identification information of 
an illegal packet at the time of detecting the illegal 
packet and with a disguised server 20 that gives a 
false reply to a sender of the illegal packet The 
router 10 identifies the illegal packet coming from the 
external network and transfers the illegal packet to 
the disguised server based on the identification 
information of the illegal packet informed from the 
monitoring device. 




a turn 



■6* 



LEGAL STATUS 

[Date of request for examination] 

[Date of sending the examiner s decision of 
rejection] 

[Kind of final disposal of application other than 
the examiner's decision of rejection or 
application converted registration] 

[Date of final disposal for application] 

[Patent number] 

[Date of registration] 

[Number of appeal against examiners decision 
of rejection] 

[Date of requesting appeal against examiner's 
decision of rejection] 

[Date of extinction of right] 



http://www1 .ipdl jpo.go jp/PA1 /result/detail/main/wAAAa28395DA41 2261 483P1 .htm 02/1 0/24 



JP 2000 - 261483 Network Monitoring System 



[Claim l] A network surveillance system for watching for illegal access from an outside 

network to an internal information network which is connected to the outside network by way of a 
router, the network surveillance system comprising: 

a traffic surveillance apparatus, which watches an inflow traffic of packets from the 
outside network by way of the router, and upon detection of a packet illegally accessing the internal 
information network, transmits a control packet indicating an identification information of the illegal 
packet to the router device; and 

a false server, which responds to a packet received, and transmits a response packet 
including intentional information to a transmitting source of the packet received , 

wherein the router is provided with means for responding to the control packet received 
from the surveillance apparatus and storing the identification information of the illegal packet, and 
wherein the router identifies the illegal packet based on the identification information from among 
packets received from the outside network, and transfers it to the false server. 



Nikkei Communications 9/20, 1999, 

Feature 94, "Security Measures Handled by Specialists" 



©FIG. 1-3 THERE ARE THREE TYPES OF FIREWALL MANAGEMENT 
REPRESENTATIVE SERVICES: "HOSTING TYPE" IN WHICH FIREWALL IS 
INSTALLED IN A PROVIDER'S FACILITY AND AN OPERATOR CONTROLS IT 
FOR MANAGEMENT AND SURVEILLANCE, "REMOTE CONTROL 
MANAGEMENT TYPE" WHICH IS A VARIATION OF THE "HOSTING TYPE" 
AND IN WHICH AN OPERATOR CONTROLS IT FROM A DISTANCE FOR 
MANAGEMENT AND SURVEILLANCE, AND "ECONOMY TYPE" IN WHICH A 
LOW COST MACHINE DESIGNED FOR FIREWALL IS CONTROLLED FROM A 
DISTANCE FOR MANAGEMENT AND SURVEILLANCE. 

©FIREWALL DESIGNED FOR USER IS INSTALLED IN THE NOC OR 
MANAGEMENT CENTER OF A PROVIDER, AND CONTROLLED BY AN 
OPERATOR FOR MANAGEMENT AND SURVEILLANCE. 

•SERVICE CHARGES BECOME HIGHER WITH INDIVIDUAL USER-ORIENTED 
SERVICES 

•CUSTOMIZATION BECOMES HIGH ACCORDINGLY. USED IN MANY 
CASES WITH THE HOSTING OF A WWW SERVER MAIL SERVER. 

(DAN OPERATOR CONTROLS FIREWALL INSTALLED ON THE USER SIDE 
FROM A DISTANCE FOR MANAGEMENT AND SURVEILLANCE. 
•A VARIATION OF THE HOSTING TYPE, AND USED IN THE CASE OF NO 
FIREWALL INSTALLABLE ON THE PROVIDER SIDE. 

•BECAUSE OF REMOTE CONTROLLED MANAGEMENT FAULT HANDLING 
IS DONE LATER THAN THAT OF THE HOSTING TYPE 

©A SURVEILLANCE SERVER CONTROLS FIREWALL INSTALLED ON THE 
USER SIDE FROM A DISTANCE FOR MANAGEMENT AND SURVEILLANCE 
•PRICE IS LOWERED WITH STYLIZED MANAGEMENT AND STAFFS 
SLASHED. 

•USE LOW-COST MACHINE DESIGNED FOR FIREWALL. 
•CUSTOMIZATION BECOMES LOW. 



Feature 94, "Security Measures Handled by Specialists" 
- Exploration of Practicability of Outsourcing - 
Internet Firewall Security Checkup 
(Nikkei Communications 9/20, 1999) 

In an economy-type management representative service, instead of a man 
checking but a surveillance server checks out such as illegal access automatically. The 
/ mechanism is that based on alert information received from a firewall, the surveillance 
server analyses a log and notifies the user of it. 



